From 5c83da1dfd522132bf774d7eb1f743b519790c9f Mon Sep 17 00:00:00 2001
From: Andrea Bolognani
Date: Thu, 28 Sep 2023 12:14:45 +0200
Subject: [PATCH] systemd: Introduce systemd_service_limitmemlock_extra_in
Signed-off-by: Andrea Bolognani
Reviewed-by: Michal Privoznik
---
 src/ch/meson.build | 1 +
 src/ch/virtchd.service.extra.in | 6 ------
 src/lxc/meson.build | 1 +
 src/lxc/virtlxcd.service.extra.in | 6 ------
 src/meson.build | 1 +
 src/qemu/meson.build | 1 +
 src/qemu/virtqemud.service.extra.in | 6 ------
 src/remote/libvirtd.service.in | 6 ------
 src/remote/meson.build | 1 +
 src/virtd.service.limitmemlock.extra.in | 7 +++++++
 10 files changed, 12 insertions(+), 24 deletions(-)
 create mode 100644 src/virtd.service.limitmemlock.extra.in
diff --git a/src/ch/meson.build b/src/ch/meson.build
index 65215f1cb0..95e78307ab 100644
--- a/src/ch/meson.build
+++ b/src/ch/meson.build
@@ -64,6 +64,7 @@ if conf.has('WITH_CH')
 files('virtchd.service.extra.in'),
 systemd_service_limitnofile_extra_in,
 systemd_service_tasksmax_extra_in,
+ systemd_service_limitmemlock_extra_in,
 ],
 }
diff --git a/src/ch/virtchd.service.extra.in b/src/ch/virtchd.service.extra.in
index 38d820c1af..3655c51130 100644
--- a/src/ch/virtchd.service.extra.in
+++ b/src/ch/virtchd.service.extra.in
@@ -5,9 +5,3 @@ After=remote-fs.target
 [Service]
 KillMode=process
-# With cgroups v2 there is no devices controller anymore, we have to use
-# eBPF to control access to devices. In order to do that we create a eBPF
-# hash MAP which locks memory. The default map size for 64 devices together
-# with program takes 12k per guest. After rounding up we will get 64M to
-# support 4096 guests.
-LimitMEMLOCK=64M
diff --git a/src/lxc/meson.build b/src/lxc/meson.build
index 338be79f7c..977a1f0dbe 100644
--- a/src/lxc/meson.build
+++ b/src/lxc/meson.build
@@ -169,6 +169,7 @@ if conf.has('WITH_LXC')
 files('virtlxcd.service.extra.in'),
 systemd_service_limitnofile_extra_in,
 systemd_service_tasksmax_extra_in,
+ systemd_service_limitmemlock_extra_in,
 ],
 }
diff --git a/src/lxc/virtlxcd.service.extra.in b/src/lxc/virtlxcd.service.extra.in
index 38d820c1af..3655c51130 100644
--- a/src/lxc/virtlxcd.service.extra.in
+++ b/src/lxc/virtlxcd.service.extra.in
@@ -5,9 +5,3 @@ After=remote-fs.target
 [Service]
 KillMode=process
-# With cgroups v2 there is no devices controller anymore, we have to use
-# eBPF to control access to devices. In order to do that we create a eBPF
-# hash MAP which locks memory. The default map size for 64 devices together
-# with program takes 12k per guest. After rounding up we will get 64M to
-# support 4096 guests.
-LimitMEMLOCK=64M
diff --git a/src/meson.build b/src/meson.build
index ee88c99987..28e4b83619 100644
--- a/src/meson.build
+++ b/src/meson.build
@@ -196,6 +196,7 @@ guest_unit_files = []
 # can be used in service_extra_in/socket_extra_in (see below)
 systemd_service_limitnofile_extra_in = files('virtd.service.limitnofile.extra.in')
 systemd_service_tasksmax_extra_in = files('virtd.service.tasksmax.extra.in')
+systemd_service_limitmemlock_extra_in = files('virtd.service.limitmemlock.extra.in')
 # virt_daemon_units:
 # generate libvirt daemon systemd unit files
diff --git a/src/qemu/meson.build b/src/qemu/meson.build
index ee4c8ab5bf..8cf2df3693 100644
--- a/src/qemu/meson.build
+++ b/src/qemu/meson.build
@@ -188,6 +188,7 @@ if conf.has('WITH_QEMU')
 files('virtqemud.service.extra.in'),
 systemd_service_limitnofile_extra_in,
 systemd_service_tasksmax_extra_in,
+ systemd_service_limitmemlock_extra_in,
 ],
 }
diff --git a/src/qemu/virtqemud.service.extra.in b/src/qemu/virtqemud.service.extra.in
index 164f672c08..32aba8be9c 100644
--- a/src/qemu/virtqemud.service.extra.in
+++ b/src/qemu/virtqemud.service.extra.in
@@ -9,12 +9,6 @@ After=remote-fs.target
 [Service]
 KillMode=process
-# With cgroups v2 there is no devices controller anymore, we have to use
-# eBPF to control access to devices. In order to do that we create a eBPF
-# hash MAP which locks memory. The default map size for 64 devices together
-# with program takes 12k per guest. After rounding up we will get 64M to
-# support 4096 guests.
-LimitMEMLOCK=64M
 [Install]
 Also=virtlogd.socket
diff --git a/src/remote/libvirtd.service.in b/src/remote/libvirtd.service.in
index 900b734f82..250b4a6fc3 100644
--- a/src/remote/libvirtd.service.in
+++ b/src/remote/libvirtd.service.in
@@ -33,12 +33,6 @@ ExecStart=@sbindir@/libvirtd $LIBVIRTD_ARGS
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure
-# With cgroups v2 there is no devices controller anymore, we have to use
-# eBPF to control access to devices. In order to do that we create a eBPF
-# hash MAP which locks memory. The default map size for 64 devices together
-# with program takes 12k per guest. After rounding up we will get 64M to
-# support 4096 guests.
-LimitMEMLOCK=64M
 [Install]
 WantedBy=multi-user.target
diff --git a/src/remote/meson.build b/src/remote/meson.build
index f9291099ab..198a0ab26d 100644
--- a/src/remote/meson.build
+++ b/src/remote/meson.build
@@ -194,6 +194,7 @@ if conf.has('WITH_REMOTE')
 'service_extra_in': [
 systemd_service_limitnofile_extra_in,
 systemd_service_tasksmax_extra_in,
+ systemd_service_limitmemlock_extra_in,
 ],
 'name': 'legacy monolithic',
 'sockets': [ 'main', 'ro', 'admin', 'tcp', 'tls' ],
diff --git a/src/virtd.service.limitmemlock.extra.in b/src/virtd.service.limitmemlock.extra.in
new file mode 100644
index 0000000000..3534b5ea48
--- /dev/null
+++ b/src/virtd.service.limitmemlock.extra.in
@@ -0,0 +1,7 @@
+[Service]
+# With cgroups v2 there is no devices controller anymore, we have to use
+# eBPF to control access to devices. In order to do that we create a eBPF
+# hash MAP which locks memory. The default map size for 64 devices together
+# with program takes 12k per guest. After rounding up we will get 64M to
+# support 4096 guests.
+LimitMEMLOCK=64M
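Review bot: The comment in the new `virtd.service.limitmemlock.extra.in` explains how 64M was derived but not what depends on it, and this snippet is now the single source of the limit for virtchd, virtlxcd, virtqemud and libvirtd. The locked memory backs the eBPF program and map that control device access under cgroups v2, so a host running more than 4096 guests, or maps larger than the default 64 devices, would presumably hit a failure when setting up that filter rather than a clear rlimit message. I would add `# Raise this with a drop-in if you run more guests or larger device maps.` after the sizing sentence. It may also be worth noting that kernels which charge BPF memory to the memory cgroup instead of RLIMIT_MEMLOCK (5.11 and later, as far as I know) do not consult this value. While the text is being moved, `a eBPF` should read `an eBPF` in both places.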